Open
Description
{
"id": 70,
"title": "RVD#70: Missing encryption on Rovio",
"type": "vulnerability",
"description": "A passive adversary able to intercept traffic to and from the Rovio is able to: learn a username and password for accessing the Rovio when a user logs on. The login credentials were always unencrypted in their experiments, regardless of whether the robot is being accessed via its ad hoc network, locally via infrastructure 802.11, or remotely over the Internet. Credits to: Tamara Denning, Cynthia Matuszek, Karl Koscher, Joshua R. Smith, and Tadayoshi Kohno",
"cwe": "CWE-Missing Encryption of Sensitive Data (CWE-311)",
"cve": "None",
"keywords": [
"malformed",
"robot",
"robot: Rovio",
"severity: high",
"state: new",
"vendor: WowWee",
"vulnerability"
],
"system": "Rovio",
"vendor": "WowWee",
"severity": {
"rvss-score": 7.0,
"rvss-vector": "RVSS:1.0/AV:RN/AC:H/PR:N/UI:N/Y:M/S:U/C:H/I:N/A:N/H:N",
"severity-description": "",
"cvss-score": 0,
"cvss-vector": ""
},
"links": [
"https://github.com/aliasrobotics/RVD/issues/70"
],
"flaw": {
"phase": "unknown",
"specificity": "N/A",
"architectural-location": "N/A",
"application": "N/A",
"subsystem": "N/A",
"package": "N/A",
"languages": "None",
"date-detected": "2009-09-30",
"detected-by": "",
"detected-by-method": "N/A",
"date-reported": "2009-09-30",
"reported-by": "",
"reported-by-relationship": "N/A",
"issue": "https://github.com/aliasrobotics/RVD/issues/70",
"reproducibility": "",
"trace": null,
"reproduction": "",
"reproduction-image": ""
},
"exploitation": {
"description": "",
"exploitation-image": "",
"exploitation-vector": ""
},
"mitigation": {
"description": "",
"pull-request": "",
"date-mitigation": null
}
}